specify an ip to use for outgoing traffic on a multi ip machine




I have 2 distant sites, each having a local lan privately addressed and a linux internet gateway. A pptp vpn is set up between the two gateways.
site A :
lan :
gw :
public :
vpn :

site B :
lan :
gw :
public :
vpn :

Routing is set up on both sites so that traffic to public addresses is nat'ed and sent directly on internet, and traffic to private addresses is sent over the vpn. This allows a site B client (say to access a site A server (say
There are ip filters on the servers which only allow or as valid source addresses. For various reasons I do not
want the vpn private addresses to be used for anything else than vpn
traffic and those filters reject source addresses.
The problem is that when one of the linux gateways connects to a remote
private server, it uses its vpn address as source instead of its
private lan address. For example, if I telnet from site B's gateway to
site A server, telnet will use as source and the
connection is refused. Obviously this doesn't occur when I telnet from
any other site B machine to that server.
Some tools allow you to specify which interface to use on multiple interface
machines, such as ping (with -I) or rsync (with --address), but this is
not the case for all. My question is, what do I have to do to have each
gateway use its private lan address for any traffic with other private
machines on the remote site?
I thought of iptables rules, but I'm afraid they could mess up the vpn.
I also thought of ip policy routing, but it would change the path, not
the source.
Maybe a combination of the 2?
Or something else?

Many thanks in advance for any tip
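The behaviour asked about above is the kernel's preferred-source selection: a locally originated connection takes the address of the interface the route leaves on, so a route over the ppp link yields the vpn address. The usual fix is to put a "src" hint on the routes to the remote private subnet. This is an added example, not part of the original mail; the interface name and all addresses are placeholders, since the real values are not reproduced in the archive.

```shell
#!/bin/sh
# Added example: pin the preferred source of routes that go over the VPN
# link, so the gateway's own connections use its LAN address instead of
# the ppp link's address. ppp0, 10.0.2.1, 10.0.1.0/24 and 10.0.1.5 are
# assumed placeholder values, not taken from the mail.
set -eu

PPP_IF="${PPP_IF:-ppp0}"                   # assumed: the pptp link
LOCAL_LAN_IP="${LOCAL_LAN_IP:-10.0.2.1}"   # assumed: gateway's LAN address
REMOTE_LAN="${REMOTE_LAN:-10.0.1.0/24}"    # assumed: other site's LAN
REMOTE_HOST="${REMOTE_HOST:-10.0.1.5}"     # assumed: a server on that LAN

# Build the route command. "src" is only a hint for locally originated
# traffic: packets forwarded from LAN clients keep their own source, so
# the VPN path for those clients is unchanged and no iptables rule is needed.
route_fix_cmd() {
    printf 'ip route replace %s dev %s src %s\n' \
        "$REMOTE_LAN" "$PPP_IF" "$LOCAL_LAN_IP"
}

# Pull the "src" address out of one line of `ip route get` output, e.g.
# "10.0.1.5 dev ppp0 src 192.168.255.2 uid 0" -> "192.168.255.2".
src_from_route_get() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Compare the kernel's choice for a remote host with the wanted LAN address.
# $1 = output of `ip route get <host>`, $2 = wanted source; exit 0 on match.
check_src() {
    [ "$(src_from_route_get "$1")" = "$2" ]
}

# "apply" mode installs the route (root required, e.g. from the pptp
# ip-up hook) and then verifies what the kernel would now pick.
if [ "${1:-}" = "apply" ]; then
    eval "$(route_fix_cmd)"
    check_src "$(ip route get "$REMOTE_HOST" | head -n 1)" "$LOCAL_LAN_IP" \
        && echo "source for $REMOTE_HOST is now $LOCAL_LAN_IP" \
        || { echo "source for $REMOTE_HOST still wrong" >&2; exit 1; }
fi
```

The hint is honoured only while the address is configured on the box, and a program that binds a socket explicitly (ping -I, rsync --address) still overrides it; the route must be re-added whenever pppd brings the link up, which is why the ip-up hook is the natural place for it.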


The problem

I have a corporate lan with a private ip subnet
On this corporate lan I have a vpn server with 2 nics, one on the lan with a private ip, one on the internet with a public ip
On a remote site, I have a local lan with a private ip subnet
On this remote lan I have a linux box acting as an internet gateway, one nic with a private ip, one on the internet with a public ip.
On this linux box I also have a vpn pptp client going to the corporate vpn server. The remote interface has the private ip and the corporate side interface has the private ip
Routing is set up on both sides so that traffic to public servers is nat'ed

a linux box with 2 nics acting as an internet router for a local lan.
Basically the lan has a private ip subnet, say and the lan nic a private ip address, say The wan nic goes to a dsl modem and gets a public ip from the isp say
There is also a vpn established with a corporate lan

, the second goes to the lan with a fixed private ip, say
A pptp vpn is mounted to reach a company lan with
